Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk App for Linux Auditd Log

Symon
Explorer
‎02-25-2024 09:16 PM

Hello Sirs,

I would like to know the most useful Splunk App that can be suitable for Linux Auditd events. I have Linux devices such as Mangement Servers, DNS, HTTP Servers, Firewall, etc. These logs carried by both Syslog Forwarder and Heavy forwarders. 


Please suggest how to monitor the audit logs by which Splunk App?

Thanks a bunch.

0 Karma
Reply

kiran_panchavat
SplunkTrust
SplunkTrust
‎02-28-2024 07:22 AM

@Symon  

To effectively monitor Linux Auditd events in Splunk, you can use the Splunk Add-on for Linux.

This add-on allows you to collect and analyze audit logs from your Linux devices. Here’s how you can set it up:

Configure AuditD to Send Data to the Splunk Add-on for Linux:

https://docs.splunk.com/Documentation/AddOns/released/Linux/Configure4 
https://splunkbase.splunk.com/app/833 

This Add On for linux Auditd allows Administrators to make their data OCSF Compliant and CIM compliant for related Linux Auditd Events

https://preview.splunkbase.splunk.com/app/7045 

 

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
Reply

Symon
Explorer
‎02-29-2024 09:00 PM

Thanks. Noted sir.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...